CPE Details
Puppet Enterprise 2019.7.0
2019.7.0
2022-01-24
15h35 +00:00
15h35 +00:00
2022-01-24
15h43 +00:00
15h43 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:puppet:puppet_enterprise:2019.7.0:*:*:*:*:*:*:*
Informations
Vendor
puppetProduct
puppet_enterpriseVersion
2019.7.0Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 9.8 |
Critique |
||
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | 9.8 |
Critique |
||
| A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | 6.5 |
Moyen |
||
| A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | 4.4 |
Moyen |
||
| A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | 4.9 |
Moyen |
||
| PuppetDB logging included potentially sensitive system information. | 4.3 |
Moyen |
||
| Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | 8.8 |
Haute |
||
| A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | 8.8 |
Haute |
2025©
tesweb SA
